Archive for June, 2010
Found Interesting videos on Exploitation
Dino Dai Zovi’s Memory Corruption 101
Basic debugging for exploit development
Exploit mitigations, shellcoding, and Metasploit with Dino Dai Zovi.
Today one of my office friends bought an iPod Touch 2G 8 GB. It was quite good, but it was running an old firmware version; as the latest 4.0 has been released, we finally planned to update to the latest version. Using the latest iTunes application I was able to update it to OS 4.0, which took 20 minutes.

The new firmware looks very nice, but I can't mess with most things, like installing custom tools. Using the guide at http://www.ihackintosh.com/2010/06/how-to-jailbreak-your-ipod-touch-2g-using-redsn0w/ I was able to jailbreak it and get access to Cydia, a replacement packaging and repository manager for the original Installer.app for the iPhone or iPod touch. Once I followed the above guide I was able to jailbreak the iPod touch with the latest firmware and had access to Cydia.

My next plan was to use Cydia packages to install SSH on the iPod touch so that I can SSH to the device and install and configure applications. Finally I was able to SSH to the iPod touch from my Ubuntu desktop; see the screenshot below.

The main objective of the above task was to use the iPod touch as a mobile penetration testing device; next I will try to post on how to install tools like Metasploit, Nmap and other security tools.
Reverse Engineering for Vulnerability Analysis with Aaron Portnoy and Peter Silberman.
Reverse Engineering 101
Reverse Engineering 102 part 1
Reverse Engineering 102 part 2
I was searching for more details on source code auditing and found wonderful videos by Brandon Edwards.
Introduction to Source Code Auditing by Brandon Edwards, Senior Security Researcher at McAfee.
Code Audits 101
Code Audits 102
Netwars is the ultimate online game: an adventure across the Internet. You can play as an analyst, a penetration tester, a defender, or any combination. You earn points by finding keys, moving to higher levels, capturing services such as a website, overcoming obstacles (attack techniques) and protecting resources (defensive techniques). You can see the other players' scores and your own points scored, live, or on an overall scoreboard.
The OverTheWire community can help you learn and practice security concepts in the form of fun-filled games.
LAMPSecurity training is designed to be a series of vulnerable virtual machine images along with complementary documentation designed to teach Linux, Apache, PHP and MySQL security.
4) De-ICE Live CDs
Register and download these Live CDs from http://heorot.net/forums
p0wnlabs is your place to hack, experiment and learn by doing.
Join up and you get access to online hacking challenges, exercises and virtual lab environments stocked with hacking challenges for your mind:
- Map a system
- Find its vulnerabilities
- 0wn it
- Try out new hacking tools
- Learn new hacking tricks
- Hone your skills
The most important advantages are:
* WATOBO can perform vulnerability checks out of the box.
* WATOBO supports Inline De-/Encoding, so you don’t have to copy strings to a transcoder and back again. Just do it inside the request/response window with a simple mouse click.
* WATOBO has smart filter functions, so you can find and navigate to the most interesting parts of the application easily.
* WATOBO is written in (FX)Ruby and enables you to define your own checks.
* WATOBO is free software (licensed under the GNU General Public License Version 2).
Check the project details here.
* Cookies – Some WAF products add their own cookie in the HTTP communication.
* Server Cloaking – Altering URLs and Response Headers.
* Response Codes – Different error codes for hostile pages/parameters values.
* Drop Action – Sending a FIN/RST packet. This can also be a false positive for an IDS/IPS.
* Pre-Built-In Rules – Each WAF ships with a different set of negative security signatures; a study was done of all these WAF products.
Below is the test conducted against ModSecurity, an open source web application firewall.
1) Check out the waffit source (trunk, revision 11) with svn:
punter@rtfm:~$ svn checkout [waffit trunk URL, revision 11] waffit-read-only

2) Change to the downloaded directory:
punter@rtfm:~$ cd /pentest/web/waffit-read-only

3) Run wafw00f against the target:
punter@rtfm:~$ python wafw00f.py http://192.168.0.122

WAFW00F – Web Application Firewall Detection Tool
By Sandro Gauci && Wendel G. Henrique

The site http://192.168.0.122 is behind a ModSecurity
Number of requests: 5
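The five heuristics listed above, as an added example that is not part of the original post or of wafw00f: it compares a captured baseline response with the response to the same request carrying a hostile parameter value and reports which fingerprints showed up, which is also a quick way to see what your own WAF deployment gives away. The Response class, the sample captures and the WAF_COOKIE_HINTS list are constructed here for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Cookie-name fragments that hint at a WAF-issued cookie. Constructed for this
# example; not a real signature list.
WAF_COOKIE_HINTS = ("waf", "ns_af", "incap_ses")


@dataclass
class Response:
    """One captured HTTP response; status=None means the connection was closed (FIN/RST) with no HTTP data."""
    status: Optional[int]
    headers: List[Tuple[str, str]] = field(default_factory=list)

    def header(self, name: str) -> Optional[str]:
        """First header value with this name, case-insensitive."""
        for k, v in self.headers:
            if k.lower() == name.lower():
                return v
        return None

    def cookie_names(self) -> List[str]:
        """Cookie names from every Set-Cookie header (one cookie per header line)."""
        return [v.split("=", 1)[0].strip()
                for k, v in self.headers if k.lower() == "set-cookie"]


def waf_indicators(baseline: Response, probe: Response) -> List[str]:
    """Compare a benign request's response with the hostile-parameter response."""
    if probe.status is None:
        # Drop action. An inline IDS/IPS shows the same symptom, so this alone is weak.
        return ["drop-action"]
    found = []
    base_cookies = set(baseline.cookie_names())
    for name in probe.cookie_names():
        # A cookie only present on the hostile request, or with a WAF-like name, points at a WAF.
        if name not in base_cookies or any(h in name.lower() for h in WAF_COOKIE_HINTS):
            found.append("cookie:" + name)
    if baseline.header("Server") != probe.header("Server"):
        found.append("server-cloaking")  # Server header altered or stripped
    if baseline.status == 200 and probe.status >= 400:
        found.append("status:%d" % probe.status)  # e.g. 403 from ModSecurity
    return found


# Constructed sample captures: a benign request, then the same request with a
# hostile parameter against a ModSecurity-fronted Apache (blocked with 403).
BASELINE = Response(200, [("Server", "Apache"), ("Set-Cookie", "PHPSESSID=abc; path=/")])
PROBE_MODSEC = Response(403, [("Server", "Apache")])
PROBE_DROPPED = Response(None)
PROBE_CLOAKED = Response(406, [("Server", "unknown"), ("Set-Cookie", "ns_af=1; path=/")])
```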
I have often seen beginners who pursue a career in application security have little hands-on experience in testing web applications. The links below will help them learn and improve their skills in application security testing.
1) Jarlsberg App
2) OWASP Broken Web Applications project
Intentionally Vulnerable Applications:
•OWASP WebGoat version 5.3-SNAPSHOT (Java)
•OWASP Vicnum version 1.4 (PHP/Perl)
•Mutillidae version 1.3 (PHP)
•Damn Vulnerable Web Application version 1.06 (PHP)
•Peruggia version 1.2 (PHP)
•OWASP CSRFGuard Test Application version 2.2 (Java)
•OWASP AppSensor Demo Application (Java)
•Mandiant Struts Forms (Java/Struts)
•Simple ASP.NET Forms (ASP.NET/C#)
Old Versions of Real Applications:
•WordPress 2.0.0 (PHP, released December 31, 2005, downloaded from www.oldapps.com)
•phpBB 2.0.0 (PHP, released April 4, 2002, downloaded from www.oldapps.com)
•Yazd version 1.0 (Java, released February 20, 2002)
3) Web Security Dojo
•Damn Vulnerable Web App
•simple training targets by Maven Security (including REST and JSON)
•Burp Suite (free version)
•helpful Firefox add-ons
4) SPI Dynamics (live) – http://zero.webappsecurity.com/
5) Cenzic (live) – http://crackme.cenzic.com/
6) Watchfire (live) – http://demo.testfire.net/
8) PCTechtips Challenge (live) – http://pctechtips.org/hacker-challenge-pwn3d-the-login-form/
9) The Butterfly Security Project – http://sourceforge.net/projects/thebutterflytmp/files/ButterFly%20Project
10) Hacme Casino – http://www.foundstone.com/us/resources/proddesc/hacmecasino.htm
11) Hacme Bank 2.0 – http://www.foundstone.com/us/resources/proddesc/hacmebank.htm
12) Updated HacmeBank – http://www.o2-ounceopen.com/technical-info/2008/12/8/updated-version-of-hacmebank.html
14) Hacme Books – http://www.foundstone.com/us/resources/proddesc/hacmebooks.htm
15) Hacme Travel – http://www.foundstone.com/us/resources/proddesc/hacmetravel.htm
16) Hacme Shipping – http://www.foundstone.com/us/resources/proddesc/hacmeshipping.htm
17) OWASP SiteGenerator – http://www.owasp.org/index.php/Owasp_SiteGenerator
19) Stanford SecuriBench – http://suif.stanford.edu/~livshits/securibench/
20) SecuriBench Micro – http://suif.stanford.edu/~livshits/work/securibench-micro/
21) BadStore – http://www.badstore.net/
22) WebMaven/Buggy Bank – http://www.mavensecurity.com/webmaven